
Monday, 5 February 2018

Censorship circumvention tool: flint

TCP proxy using Enigma rotor cipher.
Simple experimental TCP proxy using Enigma rotor cipher applied to base24 encoded data, written in D. The only dependency is botan.
Flint provides strong integrity and really weak confidentiality, as Enigma is a WWII cipher. It is recommended to use stunnel for some true confidentiality.

Building

git clone https://github.com/nametoolong/flint
cd flint 
dub build --build=release (this creates the executable flint in the current directory)
The example client side config is flint.config and server side flint.config_server. You can start the server using --config=flint.config_server.

Where are my keys?

cd keytool
dub --build=release (this creates the files pubkey.key and privkey.key in the current directory)
The files pubkey.key and privkey.key will be created under the folder keytool. The server requires privkey.key and the client requires pubkey.key.

Usage

Use --config=<file> to specify a config file. Explanations go below.
type should be client or server.
rotors and rings should be the settings of the first, second and third rotors. reflector is the type of the reflector. Only 3 rotors are supported currently. See enigma.d for available types.
On the client side, listen and port specify where to listen for application connections, and remote and rport specify the server address. On the server side, listen and port specify where to listen for clients, and remote and rport specify where to forward application connections to. timeout is the timeout of client or server connections and does not affect application connections. idletimeout affects only the server and specifies the length of inactivity before disconnecting a client.
keyfile specifies the RSA public or private key file. powleadingzero is the required number of leading zero bytes (0x00) in the client's proof of work, and powfirstbytemax is the highest acceptable value of the first non-zero byte in the client's proof of work. powsalt is the salt value for proof of work hashes. maxdisconnectdelay is the maximum delay when disconnecting: a random delay between 0 and this value is chosen, and the connection is shut down only after that delay.
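The rotors, rings and reflector settings drive a three-rotor Enigma, and the properties below are part of why its confidentiality is weak: the cipher is its own inverse and never maps a letter to itself. This is an added example, not code from flint; it assumes enigma.d uses the historical rotor wirings, and the start position "AAA" and all function names are made up for illustration.

```python
import string
A = string.ascii_uppercase
# Historical rotor wirings and turnover notches; assumed to match flint's enigma.d.
ROTORS = {
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "V": ("VZBRGITYUPSDNHLXAWMJQOFECK", "Z"),
    "VI": ("JPGVOUMFYQBENHZRDKASXLICTW", "ZM"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

class Enigma:
    def __init__(self, rotors, rings, start):
        self.wiring = [ROTORS[r][0] for r in rotors]  # left, middle, right
        self.notch = [ROTORS[r][1] for r in rotors]
        self.ring = [r - 1 for r in rings]
        self.pos = [A.index(c) for c in start]

    def _step(self):
        left, mid, right = self.pos
        if A[mid] in self.notch[1]:  # double step of the middle rotor
            left, mid = (left + 1) % 26, (mid + 1) % 26
        elif A[right] in self.notch[2]:
            mid = (mid + 1) % 26
        self.pos = [left, mid, (right + 1) % 26]

    def _through(self, i, c, inverse):
        shift = self.pos[i] - self.ring[i]
        x = (c + shift) % 26
        x = self.wiring[i].index(A[x]) if inverse else A.index(self.wiring[i][x])
        return (x - shift) % 26

    def crypt(self, text):
        out = []
        for ch in text:
            self._step()  # rotors move before each letter
            c = A.index(ch)
            for i in (2, 1, 0):  # right to left
                c = self._through(i, c, False)
            c = A.index(REFLECTOR_B[c])
            for i in (0, 1, 2):  # back out, left to right
                c = self._through(i, c, True)
            out.append(A[c])
        return "".join(out)

def flint_machine(start="AAA"):
    # rotors/rings/reflector as in the page's flint.config; start position is assumed.
    return Enigma(("II", "VI", "V"), (1, 16, 7), start)

def coincidences(a, b):
    return sum(x == y for x, y in zip(a, b))
```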

How does it work?

Flint multiplexes application TCP connections in one TCP connection. When started, the client does a proof of work and then connects to the server. The first message sent over the connection is the 'hello' message from client to server, which is a 32-byte proof of work string followed by some random alphabetical data. The server checks the proof of work and replies with a 'cookie' message, which is an 8-byte cookie concatenated with a 26-byte alphabet, followed by some random alphabetical data. The client then replies with a 'key' message, which is a base24 encoded RSA cipher string containing crypto keys, mixed with the two letters unused in the base24 process and followed by some random alphabetical data again. After the server's successful decryption, the handshake is finished. The three handshake messages have no length field, so flint requires each one to be received intact at one time, which is clearly broken behavior. Spaces are always ignored in the flint protocol, so an arbitrary number of spaces can be added to a message sent over the wire, which makes the flint data stream look more like plain text and lets flint serve as a replacement for bananaphone.
After handshake, the following message structure is used.
[HMAC][length authentication tag][length][payload]
The message will be encoded using base24 and then encrypted using an Enigma machine. Authenticate then encrypt is a bad idea but I have no idea how to implement encrypt-then-authenticate.
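The encrypt-then-authenticate ordering mentioned above, with a length prefix so that records survive arbitrary TCP segmentation, as an added example that is not flint's code or wire format. The SHA-256 counter keystream is a stand-in cipher, and seal, Receiver and the 2-byte length / 32-byte tag layout are assumptions made for illustration.

```python
import hashlib, hmac, struct

TAG_LEN = 32  # HMAC-SHA256 output size

def _keystream(key, nonce, n):
    # Stand-in stream cipher (SHA-256 in counter mode) so the example needs only
    # the standard library; real code would use a vetted cipher here.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", ctr)).digest()
        ctr += 1
    return out[:n]

def seal(enc_key, mac_key, seq, payload):
    """Encrypt first, then MAC the sequence number, length and ciphertext."""
    nonce = struct.pack(">Q", seq)
    ks = _keystream(enc_key, nonce, len(payload))
    ct = bytes(a ^ b for a, b in zip(payload, ks))
    header = struct.pack(">H", len(ct))  # payload limited to 65535 bytes
    tag = hmac.new(mac_key, nonce + header + ct, hashlib.sha256).digest()
    return header + ct + tag

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.seq, self.buf = enc_key, mac_key, 0, b""

    def feed(self, chunk):
        """Buffer TCP chunks of any size; return payloads of complete, verified records."""
        self.buf += chunk
        out = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack(">H", self.buf[:2])
            end = 2 + n + TAG_LEN
            if len(self.buf) < end:
                break  # record not complete yet, wait for more bytes
            header, ct, tag = self.buf[:2], self.buf[2:2 + n], self.buf[2 + n:end]
            self.buf = self.buf[end:]
            nonce = struct.pack(">Q", self.seq)
            want = hmac.new(self.mac_key, nonce + header + ct, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, want):  # verify before decrypting
                raise ValueError("bad MAC")
            ks = _keystream(self.enc_key, nonce, n)
            out.append(bytes(a ^ b for a, b in zip(ct, ks)))
            self.seq += 1
        return out
```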

from https://github.com/nametoolong/flint
https://github.com/nametoolong/flint/issues/1
----------

Installing dmd and dub on a 64-bit Linux VPS

wget http://downloads.dlang.org/releases/2.x/2.074.1/dmd.2.074.1.linux.tar.xz
tar Jxvf  dmd.2.074.1.linux.tar.xz
cd dmd2

root@RegalMusty-VM:~/dmd2# ls
README.TXT  html         linux  osx      solaris  windows
freebsd     license.txt  man    samples  src
root@RegalMusty-VM:~/dmd2#  cd linux
root@RegalMusty-VM:~/dmd2/linux# ls
bin32  bin64  lib32  lib64
root@RegalMusty-VM:~/dmd2/linux# cd bin64
root@RegalMusty-VM:~/dmd2/linux/bin64# ls
README.TXT  dman  dmd.conf  dumpobj   obj2asm
ddemangle   dmd   dub       dustmite  rdmd
(dmd and dub are the executables)
root@RegalMusty-VM:~/dmd2/linux/bin64#
root@RegalMusty-VM:~/dmd2/linux/bin64# echo 'export PATH=$PATH:~/dmd2/linux/bin64' >> /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# . /etc/profile
root@RegalMusty-VM:~/dmd2/linux/bin64# which dmd
/root/dmd2/linux/bin64/dmd
root@RegalMusty-VM:~/dmd2/linux/bin64# which dub
/root/dmd2/linux/bin64/dub
root@RegalMusty-VM:~/dmd2/linux/bin64#
dmd and dub are now installed.
(Download locations for dub/dmd: https://dlang.org/download.html#dmd
http://downloads.dlang.org/releases/2.x
http://downloads.dlang.org/releases/2.x/2.074.1/
http://downloads.dlang.org/releases/2.x/2.074.1/dmd.2.074.1.linux.tar.xz
You must install dmd version 2.074.1; do not install version 2.078.1.)
------------------------------------------------------------------
git clone https://github.com/nametoolong/flint
cd flint 
dub build --build=release 
Output (this takes about 5 minutes):
...
Memory debugger enabled
flint ~master: building configuration "application"...
Enhanced memory security is enabled.
Memory debugger enabled
Linking...
root@vps:~/flint#
(The executable flint is created in the current directory.)
root@vps:~/flint# cd keytool
root@vps:~/flint/keytool# ls
dub.json source
root@vps:~/flint/keytool# dub --build=release
root@vps:~/flint/keytool# ls
dub.json  dub.selections.json  keytool privkey.key  pubkey.key  source
root@vps:~/flint/keytool# cp privkey.key ..
root@vps:~/flint/keytool# cd ..
root@vps:~/flint# ls
dub.json      flint.config   LICENSE      README.zh_cn.md
dub.selections.json  flint.config_server  privkey.key  source
flint       keytool    README.md
root@vps:~/flint# nano flint.config_server
root@vps:~/flint# cat flint.config_server
type=server

rotors=II VI V
rings=1 16 7
reflector=B

listen=0.0.0.0
port=3967
remote=localhost
rport=3128
timeout=20
idletimeout=10

keyfile=privkey.key
powlife=30
powleadingzero=2
powfirstbytemax=32
powsalt=what
maxdisconnectdelay=1000
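(The remote value above refers to the same VPS, so it is set to localhost. rport is the port that an HTTP proxy running on that VPS, such as squid, listens on, or the port that a SOCKS proxy running there, such as ssocks/dante, listens on.)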
root@vps:~/flint# ./flint --config=flint.config_server & disown 
The server side is now set up.
(The 3128 above is the port of the squid instance running on the server.)

On the client machine (macOS), run brew install ldc and brew install dub.
See https://wiki.dlang.org/LDC#OS_X, which says: "homebrew users can install ldc with brew install ldc for the latest stable release or brew install ldc --devel for the latest beta / release candidate."
https://github.com/ldc-developers/ldc#installation
(https://github.com/dlang/dub)
Then:
git clone https://github.com/nametoolong/flint
cd flint

yudeMacBook-Air:flint brite$ ls
LICENSE            dub.selections.json    keytool
README.md                   
README.zh_cn.md        flint.config        source
dub.json        flint.config_server
yudeMacBook-Air:flint brite$
(Download the pubkey.key file from the server into this flint directory.)
yudeMacBook-Air:flint brite$  mv ~/.dub/packages/botan-math-1.0.3/botan-math/source/botan_math/mp_word.d ~/.dub/packages/botan-math-1.0.3/botan-math/source/botan_math/mp_word.d.bak
yudeMacBook-Air:flint brite$ cd ~/.dub/packages/botan-math-1.0.3/botan-math/source/botan_math/
yudeMacBook-Air:botan_math brite$ wget https://gist.githubusercontent.com/nametoolong/4b5e396ee4fb12a0273caad80b0e3e13/raw/1aa9de4bab51dd99f3cfbce8734f807d56cf9531/mp_word.d
yudeMacBook-Air:botan_math brite$ cd ~/flint
yudeMacBook-Air:flint brite$ dub build --build=release-debug --force
yudeMacBook-Air:flint brite$ ls
LICENSE            dub.selections.json    keytool
README.md        flint            pubkey.key
README.zh_cn.md        flint.config        source
dub.json        flint.config_server

(The executable flint has been created.)
yudeMacBook-Air:flint brite$ nano flint.config
yudeMacBook-Air:flint brite$ cat flint.config
type=client

rotors=II VI V
rings=1 16 7
reflector=B

listen=127.0.0.1
port=4500
remote=my-vps-ip

rport=3967
timeout=20

keyfile=pubkey.key
powleadingzero=2
powfirstbytemax=32
powsalt=what
maxdisconnectdelay=0
yudeMacBook-Air:flint brite$ ./flint --config=flint.config

Output:
2018-02-09T00:16:44.353:main.d:main:1598 Reading configuration file flint.config
2018-02-09T00:16:44.370:main.d:main:1627 Reading pubkey.key
2018-02-09T00:16:44.371:main.d:doProofOfWork:662 Doing Proof of Work...
2018-02-09T00:16:44.580:main.d:launchClient:711 Connecting...
2018-02-09T00:16:44.858:main.d:handshake:756 Handshaking...
2018-02-09T00:16:45.124:main.d:handshake:816 Connection established
2018-02-09T00:16:45.125:main.d:clientMain:845 Listening on 127.0.0.1:4500


Then set the HTTP (or SOCKS5) proxy of the browser on the Mac to 127.0.0.1:4500, and the browser can get past the firewall.

Project page:
https://github.com/nametoolong/flint
https://github.com/nametoolong/flint/issues/1 
